From c86cb9afe063a67530fca1361ac0c733376ea8f5 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 15 Apr 2026 18:15:23 +0000
Subject: [PATCH 1/5] Initial plan
From d468678d00e9f91eb6952900ed60a9201b8cb58d Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 15 Apr 2026 18:17:37 +0000
Subject: [PATCH 2/5] Fix Nextcloud first-launch security/setup warnings
Agent-Logs-Url: https://github.com/naturallaw777/staging_alpha/sessions/e94844f0-187d-4b52-9302-7e61d3e5804a
Co-authored-by: naturallaw777 <99053422+naturallaw777@users.noreply.github.com>
---
 modules/nextcloud.nix | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix
index 34baa5d..47540c0 100755
--- a/modules/nextcloud.nix
+++ b/modules/nextcloud.nix
@@ -134,15 +134,32 @@ lib.mkIf config.sovran_systemsOS.services.nextcloud { /run/wrappers/bin/su -s /bin/sh caddy -c " php $INSTALL_DIR/occ config:system:set trusted_domains 0 --value='$DOMAIN' php $INSTALL_DIR/occ config:system:set overwrite.cli.url --value='https://$DOMAIN' + php $INSTALL_DIR/occ config:system:set overwritehost --value='$DOMAIN' php $INSTALL_DIR/occ config:system:set overwriteprotocol --value='https' " /run/wrappers/bin/su -s /bin/sh caddy -c " + php $INSTALL_DIR/occ config:system:set trusted_proxies 0 --value='127.0.0.1' + php $INSTALL_DIR/occ config:system:set trusted_proxies 1 --value='::1' + php $INSTALL_DIR/occ config:system:set forwarded_for_headers 0 --value='HTTP_X_FORWARDED_FOR' php $INSTALL_DIR/occ config:system:set default_phone_region --value='US' + php $INSTALL_DIR/occ config:system:set maintenance_window_start --type=integer --value=1 php $INSTALL_DIR/occ config:system:set memcache.local --value='\OC\Memcache\APCu' + php $INSTALL_DIR/occ config:system:set memcache.locking --value='\OC\Memcache\APCu' + php $INSTALL_DIR/occ config:system:set server_id --value=\"\$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n' | head -c 32)\" php $INSTALL_DIR/occ background:cron " + /run/wrappers/bin/su -s /bin/sh caddy -c " + php $INSTALL_DIR/occ integrity:check-core + php $INSTALL_DIR/occ maintenance:repair + php $INSTALL_DIR/occ db:add-missing-indices + php $INSTALL_DIR/occ db:add-missing-columns + php $INSTALL_DIR/occ db:add-missing-primary-keys + php $INSTALL_DIR/occ maintenance:repair --include-expensive + php $INSTALL_DIR/occ app:disable app_api || true + " + /run/wrappers/bin/su -s /bin/sh caddy -c " php $INSTALL_DIR/occ app:install calendar || true php $INSTALL_DIR/occ app:install contacts || true 
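Review bot: The result of `occ integrity:check-core` in the new maintenance block is thrown away: the commands run as one `sh -c` script with no `set -e`, and the block ends in `app:disable app_api || true`, so `su` exits 0 even if the check reports modified core files (assuming occ returns non-zero in that case). For a first-launch installer this is the step whose failure should be visible; consider `php $INSTALL_DIR/occ integrity:check-core || echo 'WARNING: Nextcloud core integrity check failed' >&2`, or aborting the install there. Separately, `trusted_proxies` 127.0.0.1/::1 together with `forwarded_for_headers` makes Nextcloud take the client address from X-Forwarded-For for any request arriving over loopback, which feeds brute-force throttling and audit logs; a comment stating that Caddy is the only loopback client and sets that header itself would document an assumption that cannot be confirmed from this hunk. The install script these blocks belong to starts and ends outside the hunk.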
@@ -184,6 +201,10 @@ CREDS "d /var/lib/nextcloud 0770 caddy php -" ]; + services.phpfpm.pools.mypool.phpOptions = lib.mkAfter '' + output_buffering = 0 + ''; + environment.systemPackages = with pkgs; [ unzip ]; sovran_systemsOS.domainRequirements = [ From 25fe8844e5849c902feb6cb00ba0b96e18411c17 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 15 Apr 2026 18:18:32 +0000 Subject: [PATCH 3/5] Refine server_id generation and AppAPI disable guard Agent-Logs-Url: https://github.com/naturallaw777/staging_alpha/sessions/e94844f0-187d-4b52-9302-7e61d3e5804a Co-authored-by: naturallaw777 <99053422+naturallaw777@users.noreply.github.com> --- modules/nextcloud.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix index 47540c0..0b5e798 100755 --- a/modules/nextcloud.nix +++ b/modules/nextcloud.nix @@ -146,7 +146,7 @@ lib.mkIf config.sovran_systemsOS.services.nextcloud { php $INSTALL_DIR/occ config:system:set maintenance_window_start --type=integer --value=1 php $INSTALL_DIR/occ config:system:set memcache.local --value='\OC\Memcache\APCu' php $INSTALL_DIR/occ config:system:set memcache.locking --value='\OC\Memcache\APCu' - php $INSTALL_DIR/occ config:system:set server_id --value=\"\$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n' | head -c 32)\" + php $INSTALL_DIR/occ config:system:set server_id --value=\"\$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')\" php $INSTALL_DIR/occ background:cron " @@ -157,7 +157,7 @@ lib.mkIf config.sovran_systemsOS.services.nextcloud { php $INSTALL_DIR/occ db:add-missing-columns php $INSTALL_DIR/occ db:add-missing-primary-keys php $INSTALL_DIR/occ maintenance:repair --include-expensive - php $INSTALL_DIR/occ app:disable app_api || true + php $INSTALL_DIR/occ app:info app_api >/dev/null 2>&1 && php $INSTALL_DIR/occ app:disable app_api || true " /run/wrappers/bin/su -s /bin/sh caddy -c " 
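Review bot: `output_buffering = 0` is appended to the php-fpm pool named `mypool`, so it applies to everything served by that pool rather than to Nextcloud alone; whether other modules share the pool is not visible here. A short comment above the assignment, e.g. `# Nextcloud's setup check wants output_buffering off; this affects every app served by mypool`, would record both the reason and the scope.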
From 0d318d60acc30436bf9e7416a0dd115b297970bc Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 15 Apr 2026 18:19:13 +0000 Subject: [PATCH 4/5] Harden server_id setup and app_api disable flow Agent-Logs-Url: https://github.com/naturallaw777/staging_alpha/sessions/e94844f0-187d-4b52-9302-7e61d3e5804a Co-authored-by: naturallaw777 <99053422+naturallaw777@users.noreply.github.com> --- modules/nextcloud.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix index 0b5e798..9384708 100755 --- a/modules/nextcloud.nix +++ b/modules/nextcloud.nix @@ -81,6 +81,7 @@ lib.mkIf config.sovran_systemsOS.services.nextcloud { DB_HOST="localhost" ADMIN_USER=$(pwgen -s 16 1) ADMIN_PASS=$(pwgen -s 24 1) + SERVER_ID=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n') echo "══════════════════════════════════════════════" echo " Nextcloud Automated Installation" @@ -146,7 +147,7 @@ lib.mkIf config.sovran_systemsOS.services.nextcloud { php $INSTALL_DIR/occ config:system:set maintenance_window_start --type=integer --value=1 php $INSTALL_DIR/occ config:system:set memcache.local --value='\OC\Memcache\APCu' php $INSTALL_DIR/occ config:system:set memcache.locking --value='\OC\Memcache\APCu' - php $INSTALL_DIR/occ config:system:set server_id --value=\"\$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')\" + php $INSTALL_DIR/occ config:system:set server_id --value='$SERVER_ID' php $INSTALL_DIR/occ background:cron " 
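Review bot: The key and value written by `config:system:set server_id --value='$SERVER_ID'` should be checked against the config.sample.php of the release being installed: to my recollection Nextcloud names this setting `serverid` and expects a small integer (0–1023), not a 32-character hex string. If that is right, this line stores an unused key and the setup warning the series targets remains. Should the documented form be an integer, pass it with `--type=integer` as the script already does for `maintenance_window_start`. The `su -c` block this line belongs to starts and ends outside the hunk.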
@@ -157,7 +158,9 @@ lib.mkIf config.sovran_systemsOS.services.nextcloud { php $INSTALL_DIR/occ db:add-missing-columns php $INSTALL_DIR/occ db:add-missing-primary-keys php $INSTALL_DIR/occ maintenance:repair --include-expensive - php $INSTALL_DIR/occ app:info app_api >/dev/null 2>&1 && php $INSTALL_DIR/occ app:disable app_api || true + if php $INSTALL_DIR/occ app:info app_api >/dev/null 2>&1; then + php $INSTALL_DIR/occ app:disable app_api + fi " /run/wrappers/bin/su -s /bin/sh caddy -c " From 7a0a43dfd3ad32055cfabfeee8f33fa5104fd5dd Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 15 Apr 2026 18:19:49 +0000 Subject: [PATCH 5/5] Add server_id guard and AppAPI rationale Agent-Logs-Url: https://github.com/naturallaw777/staging_alpha/sessions/e94844f0-187d-4b52-9302-7e61d3e5804a Co-authored-by: naturallaw777 <99053422+naturallaw777@users.noreply.github.com> --- modules/nextcloud.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix index 9384708..d28c09d 100755 --- a/modules/nextcloud.nix +++ b/modules/nextcloud.nix @@ -82,6 +82,10 @@ lib.mkIf config.sovran_systemsOS.services.nextcloud { ADMIN_USER=$(pwgen -s 16 1) ADMIN_PASS=$(pwgen -s 24 1) SERVER_ID=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n') + if [ -z "$SERVER_ID" ]; then + echo "Failed to generate Nextcloud server_id" + exit 1 + fi echo "══════════════════════════════════════════════" echo " Nextcloud Automated Installation" @@ -158,6 +162,7 @@ lib.mkIf config.sovran_systemsOS.services.nextcloud { php $INSTALL_DIR/occ db:add-missing-columns php $INSTALL_DIR/occ db:add-missing-primary-keys php $INSTALL_DIR/occ maintenance:repair --include-expensive + # AppAPI deploy daemon warnings are avoided by disabling app_api when present. if php $INSTALL_DIR/occ app:info app_api >/dev/null 2>&1; then php $INSTALL_DIR/occ app:disable app_api fi
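Review bot: The guard `if php $INSTALL_DIR/occ app:info app_api >/dev/null 2>&1` cannot tell "app_api is not installed" from "occ has no `app:info` command", because both exit non-zero and all output is discarded; I cannot confirm that `app:info` is an occ command. If it is not, app_api is silently never disabled and the rationale comment added in the last patch describes something that does not happen. Either verify the command against `occ list` on the target release or keep the unconditional `php $INSTALL_DIR/occ app:disable app_api || true`. The `if` is also now the last command of the `sh -c` script, so a failing `app:disable` becomes the exit status of `su`; whether the outer script treats that as fatal is not visible in this hunk.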